Event banner
The latest on managing Windows updates in Microsoft Intune
Event details
Don't miss this chance to benefit from lessons learned managing driver updates and get up-to-speed on the latest improvements. We'll demonstrate how to use Microsoft Intune to deploy Windows 11 with a mix of eligible and non-eligible devices, and a new quality update report for all your Intune enrolled devices.
This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event. |
- Joe_FriedelBrass ContributorWhat happens on a device if an optional driver is approved but a newer version of that driver is in recommended and also approved?
- BryanDamBrass ContributorWhat the WUfB Deployment Service does, in essence, it tell Windows Update (the cloud service) what updates to offer to what devices. So if WU is told to offer two applicable drivers then Windows will do what it does when, like in the consumer experience, all applicable drivers are offered: pick the 'best' one based on release date and version. In your scenario then it will select the newer, recommended version.
- erikdeklerckCopper Contributorwas there a windows updates troubleshooting session planned ?
- David_GuyerMicrosoftNo, not this time around. It's a great idea to do next time!
- BryanDamBrass ContributorWell ... axctually ... there was one today @ 8:30 AM: https://techcommunity.microsoft.com/t5/windows-events/troubleshooting-windows-updates/ev-p/3971556
- treestryderSteel Contributor
To help find vendors and products that have made the transition to modern device management, there is a community-maintained spreadsheet named "Modern Windows Management Database".
https://1drv.ms/x/s!AgG_boPR-xfWjN9i2Z_y_8ErM6t--A
Please help by contributing your experiences to it.
- Komal190790Copper Contributor
Excited to see Bulk Update and Applicable devices feature!! Thanks We've noticed that play-and-plug drivers often require reboots, Is it feasible to eliminate reboots associated with extension/play & Plug drivers? Our Users keep getting asked to reboot outside our usual patching schedule, and it's causing a lot of feedback. Is there a way to avoid restarts for all extension drivers?
- David_GuyerMicrosoftGreat to hear! We are looking at how we can move driver installs and reboots outside of active hours, so even network or video drivers, won't interrupt end users. Will that work well for you?
- Komal190790Copper ContributorI like the idea of scheduling drivers outside of active hours to avoid user interruptions. Does this mean drivers won't honor the specified deadline/grace period in the Update Policy, or could the active hours policy be limited to drivers only? Trying to understand how it would work, but I might be asking too many questions too soon.
- EricOhlinIron Contributor
How does this setting...
...Work in conjunction with this setting? Does the QU ring setting have to be enabled for this FU setting to work? Since the FU ring setting is based on Win10 --> Win11, does it function at all if the QU ring setting is No.
Thanks!
- David_GuyerMicrosoftThe setting in Update Rings policies is there for those customers who do not want to use feature update policies for any reason. They are not intended to be used together. We recommend using the feature update polices because they offer benefits like gradual rollouts, starting on a specified date, specifying the version, and reporting... not to mention the new feature that will also ensure devices not eligible for Windows 11 are update to the latest Windows 10 22H2 release (something the Update Ring setting does not do). So, when using the Feature update policies, leave the Upgrade Windows 10 devices to Latest Windows 11 release setting to No, so that the feature update policy can do it's magic. Hope that helps.
- EricOhlinIron ContributorHey David, this helps. We've often found that the Update Ring policies affect update policies in other scenarios, such as feature updates, driver updates, etc. So, thank you for clarifying. Can you please confirm one last thing? So, if the Update Ring policy "Upgrade Windows 10 devices to Latest Windows 11 release" is set to no, and then you deploy a Feature Update targeting Win 11 23H2 to a Windows 10 device (that is W11 capable), will it upgrade the device? Many thanks!
- EricOhlinIron ContributorWe're very much looking forward to these improvements. Thanks!
- Char_CheesmanBronze Contributor
Thanks for joining us! We hope you enjoyed this session. If you missed the live broadcast, don’t worry – you can watch it on demand. And we’ll continue to answer questions here in the chat through the end of the week. There's more great content in store at the Microsoft Technical Takeoff! What do you like about the event so far? Share your feedback and help shape the direction of future events on the Tech Community!
- treestryderSteel ContributorLove the Windows Update updates! Just saw the Quality Update report and was reminded, every month, I have to manually update the expected Windows version for our Compliance policy that ensures our PCs have their latest Quality Update applied. I would love it if this were automated in some way. Would your team be a good place to send that feedback? If not, how best should I suggest it?
- David_GuyerMicrosoft
treestryder , you just have! I agree, updating that manually every month is not fun and so we do have on our list to look into how to better automate that compliance policy setting. Would you prefer if it were to automatically update the version... or rather would you like it better if we changed the input so that you can say "Quality Updates released within the last [you specify] days are compliant"?
- treestryderSteel Contributor
Currently, every "Patch Tuesday", I set the values to latest version numbers once the Windows release page has been updated (see policy screenshot below). This policy has a 7 day grace period.
If I had to convert this to days, I might have to set it to "31".
My main concern is ensuring Windows Update is working on the PC and will update as soon as it can. This is the best way I found to ensure it is.
- gatewood502Brass Contributor
THIS Quality Update REPORT IS MUCH NEEDED!!!!!!! When will this be available?
- David_GuyerMicrosoftI'm so glad you like the new Quality Update reports! It's in early preview stages now, and we are hoping, depending on the feedback and quality we measure, to make it more broadly available early next year. Stay tuned to Intune's What's New to find out when it's being released!
- PanuSaukkoIron ContributorAny plans to allow automatically approve drivers based on different hardware classes? E.g. I'd like to automatically approve network drivers, but not BIOS updates.
- Monty0120MicrosoftWe are currently looking at how we can provide more options to approve drivers based on certain criteria like you mentioned hardware class or manufacturer etc. We are still gathering more info on requirements, having said we would like to gather some info from you like what the experience be, something like in driver policy, ability to choose "this set of drivers" automatically approve, rest manual? and can change this criteria etc?
- BryanDamBrass ContributorRight, @Panu (and I, and many others) would love to have ConfigMgr ADRs for drivers. In Panu's scenario, that would allow him to automatically deploy less-concerning drivers like network drivers without also YOLO'ing BIOS updates that deserve more attention. Part of the problem there, as I understand it, is the metadata. The driver class is a free-text field that the OEM/IHVs can enter in anything they want. However, what most admins have in mind is where that hardware/driver shows up in Device Manager.